diff --git a/app/Controllers/AuthController.php b/app/Controllers/AuthController.php
index 059ac5d..5b510b5 100644
--- a/app/Controllers/AuthController.php
+++ b/app/Controllers/AuthController.php
@@ -94,8 +94,8 @@ class AuthController extends Controller
         $redirect = Router::route('auth.login');
 
         // Get request variables
-        $username = isset($_REQUEST['username']) ? $_REQUEST['username'] : null;
-        $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
+        $username = $_REQUEST['username'] ?? null;
+        $password = $_REQUEST['password'] ?? null;
         $remember = isset($_REQUEST['remember']);
 
         // Check if we haven't hit the rate limit
@@ -124,7 +124,7 @@ class AuthController extends Controller
             return Template::render('global/information');
         }
 
-        if (strlen($user->password) < 1) {
+        if ($user->passwordExpired()) {
             $message = 'Your password expired.';
             $redirect = Router::route('auth.resetpassword');
             Template::vars(compact('message', 'redirect'));
@@ -132,7 +132,7 @@ class AuthController extends Controller
             return Template::render('global/information');
         }
 
-        if (!password_verify($password, $user->password)) {
+        if (!$user->verifyPassword($password)) {
             $this->touchRateLimit($user->id);
             $message = 'The password you entered was invalid.';
             Template::vars(compact('message', 'redirect'));
@@ -552,16 +552,7 @@ class AuthController extends Controller
             return Template::render('global/information');
         }
 
-        // Hash the password
-        $password = password_hash($password, PASSWORD_BCRYPT);
-
-        // Update the user
-        DB::table('users')
-            ->where('user_id', $user->id)
-            ->update([
-                'password' => $password,
-                'password_chan' => time(),
-            ]);
+        $user->setPassword($password);
 
         $message = "Changed your password! You may now log in.";
         $redirect = Router::route('auth.login');
diff --git a/app/Controllers/Settings/AdvancedController.php b/app/Controllers/Settings/AdvancedController.php
index 4a49eac..53884d7 100644
--- a/app/Controllers/Settings/AdvancedController.php
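Review bot: The rewritten `$username`/`$password` lines still read the login credentials from `$_REQUEST`, which merges GET, POST and cookie input, so a password can arrive in a query string (and land in access logs and Referer headers) or be supplied by a cookie; if the login route is meant to be POST-only, `$username = $_POST['username'] ?? null;` and `$password = $_POST['password'] ?? null;` close that. The `??` form also passes an array straight through when a client sends `password[]=x`, which `password_verify()` rejects with a TypeError on PHP 8 rather than a normal "invalid" response; an `is_string()` check on both values before the rate-limit block keeps malformed requests on the expected path. The enclosing method begins before this hunk and continues after it.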
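Review bot: `$user->setPassword($password);` replaces an inline update that also wrote `'password_chan' => time()`, but none of the User.php hunks in this patch add a `setPassword()` method, so unless it already exists in a part of User.php not shown here the password-reset path now fails with an undefined-method error. Whatever `setPassword()` does, it needs to hash with `password_hash($password, PASSWORD_BCRYPT)` (or `PASSWORD_DEFAULT`) and refresh `password_chan` as the removed code did, and should assign the new hash to `$this->password` so the in-memory object agrees with the row. The method containing this hunk starts and ends outside it.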
+++ b/app/Controllers/Settings/AdvancedController.php
@@ -114,7 +114,7 @@ class AdvancedController extends Controller
         }
 
         // Check password
-        if (!password_verify($password, ActiveUser::$user->password)) {
+        if (!ActiveUser::$user->verifyPassword($password)) {
             $message = "Your password was invalid!";
             Template::vars(compact('redirect', 'message'));
             return Template::render('global/information');
diff --git a/app/User.php b/app/User.php
index b57bd91..e458689 100644
--- a/app/User.php
+++ b/app/User.php
@@ -45,28 +45,7 @@ class User
      *
      * @var string
      */
-    public $passwordHash = '';
-
-    /**
-     * The user's password salt.
-     *
-     * @var string
-     */
-    public $passwordSalt = '';
-
-    /**
-     * The user's password algorithm.
-     *
-     * @var string
-     */
-    public $passwordAlgo = 'disabled';
-
-    /**
-     * The password iterations.
-     *
-     * @var int
-     */
-    public $passwordIter = 0;
+    public $password = '';
 
     /**
      * UNIX timestamp of last time the password was changed.
@@ -306,6 +285,7 @@ class User
         $this->username = $userRow->username;
         $this->usernameClean = $userRow->username_clean;
         $this->password = $userRow->password;
+        $this->passwordChan = $userRow->passwordChan;
         $this->email = $userRow->email;
         $this->mainRankId = $userRow->rank_main;
         $this->colour = $userRow->user_colour;
@@ -1119,6 +1099,28 @@ class User
         ]);
     }
 
+    /**
+     * Check if password expired
+     *
+     * @return bool
+     */
+    public function passwordExpired()
+    {
+        return strlen($this->password) < 1;
+    }
+
+    /**
+     * Verify the user's password
+     *
+     * @param string $password
+     *
+     * @return bool
+     */
+    public function verifyPassword($password)
+    {
+        return password_verify($password, $this->password);
+    }
+
     /**
      * Get all the notifications for this user.
      *
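Review bot: `$this->passwordChan = $userRow->passwordChan;` reads a camelCase column, while every other field taken from `$userRow` in this hunk is snake_case (`username_clean`, `rank_main`, `user_colour`) and the inline update removed from AuthController in this same patch wrote the column as `password_chan`; the property will most likely be assigned from an undefined row field and stay null. Unless the column was renamed elsewhere, this should read `$this->passwordChan = $userRow->password_chan;`. The enclosing method begins before this hunk and continues after it.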
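Review bot: `passwordExpired()` is named and documented as an expiry check but only tests for an empty stored hash (`strlen($this->password) < 1`) and never consults `$this->passwordChan`, which this patch starts loading, so its docblock should say so, e.g. `Whether the account has no usable password hash (an empty hash forces a reset); does not check passwordChan age.` `verifyPassword()` hands `$password` straight to `password_verify()`, which throws a TypeError for a non-string and emits a deprecation for null on PHP 8.1+, so `return is_string($password) && password_verify($password, $this->password);` keeps a malformed request on the normal "invalid password" path. Since this is now the single verification point, it is also the natural place to check `password_needs_rehash($this->password, PASSWORD_BCRYPT)` after a successful verify so legacy hashes get upgraded, though that needs a write helper not visible in this patch.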